mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-01-30 19:00:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Accept 'public' as a pseudo-role name in has_table_privilege() and friends

Browse Source 
to see if a particular privilege has been granted to PUBLIC.

The issue was reported by Jim Nasby.
Patch by Alvaro Herrera, and reviewed by KaiGai Kohei.
This commit is contained in:
Itagaki Takahiro 2010-10-13 14:37:23 +09:00
parent f4d242ef94
commit d0f876ca8c
2 changed files with 42 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/src/sgml/func.sgml
View File

@ -12348,8 +12348,8 @@ SET search_path TO <replaceable>schema</> <optional>, <replaceable>schema</>, ..
<para>
<function>has_table_privilege</function> checks whether a user
can access a table in a particular way. The user can be
specified by name or by OID
(<literal>pg_authid.oid</literal>), or if the argument is
specified by name, by OID (<literal>pg_authid.oid</literal>),
<literal>public</> to indicate the PUBLIC pseudo-role, or if the argument is
omitted
<function>current_user</function> is assumed. The table can be specified
by name or by OID. (Thus, there are actually six variants of
@ -12496,7 +12496,8 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute');
<function>pg_has_role</function> checks whether a user
can access a role in a particular way.
Its argument possibilities
are analogous to <function>has_table_privilege</function>.
are analogous to <function>has_table_privilege</function>,
except that <literal>public</> is not allowed as a user name.
The desired access privilege type must evaluate to some combination of
<literal>MEMBER</literal> or
<literal>USAGE</literal>.

62
src/backend/utils/adt/acl.c
View File

@ -113,6 +113,7 @@ static AclMode convert_role_priv_string(text *priv_type_text);
static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode);
static void RoleMembershipCacheCallback(Datum arg, int cacheid, ItemPointer tuplePtr);
static Oid get_role_oid_or_public(const char *rolname);
/*
@ -1791,7 +1792,7 @@ has_table_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*rolename), false);
roleid = get_role_oid_or_public(NameStr(*rolename));
tableoid = convert_table_name(tablename);
mode = convert_table_priv_string(priv_type_text);
@ -1840,7 +1841,7 @@ has_table_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_table_priv_string(priv_type_text);
if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
@ -1998,7 +1999,7 @@ has_sequence_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*rolename), false);
roleid = get_role_oid_or_public(NameStr(*rolename));
mode = convert_sequence_priv_string(priv_type_text);
sequenceoid = convert_table_name(sequencename);
if (get_rel_relkind(sequenceoid) != RELKIND_SEQUENCE)
@ -2058,7 +2059,7 @@ has_sequence_privilege_name_id(PG_FUNCTION_ARGS)
AclResult aclresult;
char relkind;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_sequence_priv_string(priv_type_text);
relkind = get_rel_relkind(sequenceoid);
if (relkind == '\0')
@ -2209,7 +2210,7 @@ has_any_column_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*rolename), false);
roleid = get_role_oid_or_public(NameStr(*rolename));
tableoid = convert_table_name(tablename);
mode = convert_column_priv_string(priv_type_text);
@ -2266,7 +2267,7 @@ has_any_column_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_column_priv_string(priv_type_text);
if (!SearchSysCacheExists1(RELOID, ObjectIdGetDatum(tableoid)))
@ -2451,7 +2452,7 @@ has_column_privilege_name_name_name(PG_FUNCTION_ARGS)
AclMode mode;
int privresult;
roleid = get_role_oid(NameStr(*rolename), false);
roleid = get_role_oid_or_public(NameStr(*rolename));
tableoid = convert_table_name(tablename);
colattnum = convert_column_name(tableoid, column);
mode = convert_column_priv_string(priv_type_text);
@ -2479,7 +2480,7 @@ has_column_privilege_name_name_attnum(PG_FUNCTION_ARGS)
AclMode mode;
int privresult;
roleid = get_role_oid(NameStr(*rolename), false);
roleid = get_role_oid_or_public(NameStr(*rolename));
tableoid = convert_table_name(tablename);
mode = convert_column_priv_string(priv_type_text);
@ -2506,7 +2507,7 @@ has_column_privilege_name_id_name(PG_FUNCTION_ARGS)
AclMode mode;
int privresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
colattnum = convert_column_name(tableoid, column);
mode = convert_column_priv_string(priv_type_text);
@ -2532,7 +2533,7 @@ has_column_privilege_name_id_attnum(PG_FUNCTION_ARGS)
AclMode mode;
int privresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_column_priv_string(priv_type_text);
privresult = column_privilege_check(tableoid, colattnum, roleid, mode);
@ -2823,7 +2824,7 @@ has_database_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
databaseoid = convert_database_name(databasename);
mode = convert_database_priv_string(priv_type_text);
@ -2872,7 +2873,7 @@ has_database_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_database_priv_string(priv_type_text);
if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(databaseoid)))
@ -3021,7 +3022,7 @@ has_foreign_data_wrapper_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
fdwid = convert_foreign_data_wrapper_name(fdwname);
mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
@ -3070,7 +3071,7 @@ has_foreign_data_wrapper_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_foreign_data_wrapper_priv_string(priv_type_text);
aclresult = pg_foreign_data_wrapper_aclcheck(fdwid, roleid, mode);
@ -3203,7 +3204,7 @@ has_function_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
functionoid = convert_function_name(functionname);
mode = convert_function_priv_string(priv_type_text);
@ -3252,7 +3253,7 @@ has_function_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_function_priv_string(priv_type_text);
if (!SearchSysCacheExists1(PROCOID, ObjectIdGetDatum(functionoid)))
@ -3403,7 +3404,7 @@ has_language_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
languageoid = convert_language_name(languagename);
mode = convert_language_priv_string(priv_type_text);
@ -3452,7 +3453,7 @@ has_language_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_language_priv_string(priv_type_text);
if (!SearchSysCacheExists1(LANGOID, ObjectIdGetDatum(languageoid)))
@ -3594,7 +3595,7 @@ has_schema_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
schemaoid = convert_schema_name(schemaname);
mode = convert_schema_priv_string(priv_type_text);
@ -3643,7 +3644,7 @@ has_schema_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_schema_priv_string(priv_type_text);
if (!SearchSysCacheExists1(NAMESPACEOID, ObjectIdGetDatum(schemaoid)))
@ -3787,7 +3788,7 @@ has_server_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
serverid = convert_server_name(servername);
mode = convert_server_priv_string(priv_type_text);
@ -3836,7 +3837,7 @@ has_server_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_server_priv_string(priv_type_text);
aclresult = pg_foreign_server_aclcheck(serverid, roleid, mode);
@ -3969,7 +3970,7 @@ has_tablespace_privilege_name_name(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
tablespaceoid = convert_tablespace_name(tablespacename);
mode = convert_tablespace_priv_string(priv_type_text);
@ -4018,7 +4019,7 @@ has_tablespace_privilege_name_id(PG_FUNCTION_ARGS)
AclMode mode;
AclResult aclresult;
roleid = get_role_oid(NameStr(*username), false);
roleid = get_role_oid_or_public(NameStr(*username));
mode = convert_tablespace_priv_string(priv_type_text);
aclresult = pg_tablespace_aclcheck(tablespaceoid, roleid, mode);
@ -4821,3 +4822,16 @@ get_role_oid(const char *rolname, bool missing_ok)
errmsg("role \"%s\" does not exist", rolname)));
return oid;
}
/*
* get_role_oid_or_public - As above, but return ACL_ID_PUBLIC if the
* role name is "public".
*/
static Oid
get_role_oid_or_public(const char *rolname)
{
if (strcmp(rolname, "public") == 0)
return ACL_ID_PUBLIC;
return get_role_oid(rolname, false);
}